[Bug 14790] after full tilt poker upgrade, client crashes randomly
wine-bugs at winehq.org
wine-bugs at winehq.org
Mon Aug 11 03:22:31 CDT 2008
http://bugs.winehq.org/show_bug.cgi?id=14790
Tom Grim <elven.thief at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |elven.thief at gmail.com
--- Comment #4 from Tom Grim <elven.thief at gmail.com> 2008-08-11 03:22:30 ---
I did some debugging and tracing on my own after I found myself affected by
this bug and can offer a few more tidbits.
Non-Technical details:
The crash consistently happens if you mouse over the players names in a lobby
window for a table. Hovering over their name is supposed to give you a tooltip
that has their username, home country, chip stack (if the game has started) and
any notes that you may have created about that user.
The easiest way to avoid this crash, without fixing the code is to simply not
drag your mouse over the user list in a table lobby.
Technical Details:
The crash is happening at line 1563 of TOOLTIPS_GetTextW - it's attempting to
copy a unicode string from a null pointer.
How did it get this null pointer? It appears that the tooltip attached to the
HWND has no string or no size for that matter.
I modified my copy of TOOLTIPS_AddToolW to figure out what was going on and got
this:
trace:tooltips:TOOLTIPS_WindowProc hwnd=0x100fe msg=432 wparam=0 lParam=a1cf80
trace:tooltips:TOOLTIPS_AddToolW add tool (0x100fe) 0x100fa 1064!
trace:tooltips:TOOLTIPS_AddToolW The number of Tools of HWND is 1
trace:tooltips:TOOLTIPS_AddToolW lpToolInfo->lpszText = (null)
trace:tooltips:TOOLTIPS_AddToolW lpToolInfo->Rect position: 0,0 - 0,0
trace:tooltips:TOOLTIPS_AddToolW add string id 0
trace:tooltips:TOOLTIPS_AddToolW subclassing installed!
Note the "add string id 0" instead of "add text" trace.
The story appears to be that the Full Tilt people are reusing a TOOLINFO
structure for the entire player list. When you hover over a players name, it
then resizes the tooltip and updates the text to match what I detailed far
above. The first time that the tooltip is created, it has absolutely no
information, so they load it with null values and zeros.
At some point in their code, they send a TTM_GETTEXTW message when they're
about to update the tooltip's dimensions, location, and text. After a small
mouse move, I guess they check to see if the tooltip needs moved or the text
changed.
Unforunately, on the first iteration of this process, the original TOOLINFO
structure with a null string pointer gets called upon and causes the crash.
It appears that Will's quick fix above is the correct fix"
Will's quick fix above appears to be as correct as possible, given that it
appears to be "legal" for a tooltip with a
--
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the wine-bugs
mailing list